Home / os / wince

Telerik Report Server Authentication Bypass / Remote Code Execution

Posted on 13 June 2024

This Metasploit module chains an authentication bypass vulnerability with a deserialization vulnerability to obtain remote code execution against Telerik Report Server versions 10.0.24.130 and below. The authentication bypass flaw allows an unauthenticated user to create a new user with administrative privileges. The USERNAME datastore option can be used to authenticate with an existing account to prevent the creation of a new one. The deserialization flaw works by uploading a specially crafted report that when loaded will execute an OS command as NT AUTHORITYSYSTEM. The module will automatically delete the created report but not the account because users are unable to delete themselves.

 

TOP